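Using a local docker registry with k8s
Environment:
Raspberry Pi 4B 4G+
K8S version: 1.16.2
Cluster: 1 master, 2 nodes
Registry address: 192.168.1.2:5000
Prerequisites:
A local docker registry has already been set up.
For example, run the following command to start a local registry: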
docker run -d -p 5000:5000 --name=registry --restart=always --privileged=true --log-driver=none -v /app/docker/registry:/tmp/registry registry
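The local registry already contains images; the nginx image is used as the example here.
1. Make sure docker can reach the local registry over HTTP. Docker uses HTTPS by default and has plain HTTP disabled, so the registry must be declared in the configuration file: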
root@k8smaster:/app/k8s/conf/ym# cat /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "iptables": false,
  "ip-masq": false,
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],
  "graph": "/app/docker/run",
  "insecure-registries": ["192.168.1.2:5000"]
}
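Here, "insecure-registries":["192.168.1.2:5000"] declares that the local registry is accessed over HTTP. Note that the docker daemon on every node needs this parameter.
2. Create a docker account. The command used above to create the local registry did not create one:
Create a registry login account on the host where the registry runs. Since I put the local registry directly on the K8S master host, I create the registry login account on the master host.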
docker login 192.168.1.2:5000
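Enter the username: root
Enter the password: 123456
If no account has been created yet, the first login creates one; it is written to the conf file under the ~/.docker/ directory.
At this point docker login from the other hosts can log in to this registry.
3. Create the K8S secret: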
kubectl create secret docker-registry regs --docker-server=192.168.1.2:5000 --docker-username=root --docker-password=123456 --namespace=dep
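Note that I specified a namespace. Decide from your own setup whether to add the namespace and similar parameters; without them the secret goes into default.
4. Check the image tags and other details in the local registry: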
root@k8smaster:/app/k8s/conf/ym# curl -XGET 192.168.1.2:5000/v2/nginx/tags/list
{"name":"nginx","tags":["latest"]}
5. View the secret that was just created:
root@k8smaster:/app/k8s/conf/ym# kubectl get secret -n dep
NAME                  TYPE                                  DATA   AGE
default-token-hfjnk   kubernetes.io/service-account-token   3      18h
regs                  kubernetes.io/dockerconfigjson        1      49m
6. Write the YAML file for the nginx pod:
root@k8smaster:/app/k8s/conf/ym# cat nginx.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-t
  namespace: dep
spec:
  containers:
  - name: nginx-t
    image: 192.168.1.2:5000/nginx:latest
  imagePullSecrets:
  - name: regs
7. Wait for the pod to start, then get its details:
root@k8smaster:/app/k8s/conf/ym# kubectl get pods nginx-t -n dep --output=yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"name":"nginx-t","namespace":"dep"},"spec":{"containers":[{"image":"192.168.1.2:5000/nginx:latest","name":"nginx-t"}],"imagePullSecrets":[{"name":"regs"}]}}
  creationTimestamp: "2020-03-12T08:04:07Z"
  name: nginx-t
  namespace: dep
  resourceVersion: "710399"
  selfLink: /api/v1/namespaces/dep/pods/nginx-t
  uid: 5cf73180-4a8f-4b98-9f69-ab9ce6f76155
spec:
  containers:
  - image: 192.168.1.2:5000/nginx:latest
    imagePullPolicy: Always
    name: nginx-t
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-hfjnk
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  imagePullSecrets:
  - name: regs
  nodeName: k8snode1
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-hfjnk
    secret:
      defaultMode: 420
      secretName: default-token-hfjnk
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2020-03-12T08:04:07Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2020-03-12T08:05:42Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2020-03-12T08:05:42Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2020-03-12T08:04:07Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://0cca8cee026adad5b9be2bd2f540aa17e81f6e15c834945eba7976eac39b13eb
    image: 192.168.1.2:5000/nginx:latest
    imageID: docker-pullable://192.168.1.2:5000/nginx@sha256:1fe697934cec1c15ae04d198d7b29270bf2e187dcf6c093d23f182116d5e651d
    lastState: {}
    name: nginx-t
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2020-03-12T08:05:41Z"
  hostIP: 192.168.1.3
  phase: Running
  podIP: 10.244.2.4
  podIPs:
  - ip: 10.244.2.4
  qosClass: BestEffort
  startTime: "2020-03-12T08:04:07Z"
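The YAML printed for the started pod shows that the image was pulled from the local registry and is running.
Likewise, check the pod's startup events: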
root@k8smaster:/app/k8s/conf/ym# kubectl get events -n dep
LAST SEEN   TYPE     REASON      OBJECT        MESSAGE
<unknown>   Normal   Scheduled   pod/nginx-t   Successfully assigned dep/nginx-t to k8snode1
59m         Normal   Pulling     pod/nginx-t   Pulling image "192.168.1.2:5000/nginx:latest"
58m         Normal   Pulled      pod/nginx-t   Successfully pulled image "192.168.1.2:5000/nginx:latest"
57m         Normal   Created     pod/nginx-t   Created container nginx-t
57m         Normal   Started     pod/nginx-t   Started container nginx-t
This shows that K8S pulled the image from the local registry.
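The secret from step 3 only helps if its registry key matches the registry part of the image in step 6, and its contents are base64-encoded rather than encrypted, so anyone who can read secrets in the dep namespace can recover the registry password. The following Python sketch is an added example, not part of the original post: it rebuilds an approximation of the kubernetes.io/dockerconfigjson payload and checks it against an image reference. The function names are hypothetical and the JSON layout is an assumption based on the usual "auths" structure.

```python
import base64
import json

SECRET_TYPE = "kubernetes.io/dockerconfigjson"


def build_pull_secret(server, username, password, name, namespace):
    """Approximate the Secret that `kubectl create secret docker-registry` stores."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    cfg = {"auths": {server: {"username": username, "password": password, "auth": auth}}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"apiVersion": "v1", "kind": "Secret", "type": SECRET_TYPE,
            "metadata": {"name": name, "namespace": namespace},
            "data": {".dockerconfigjson": blob}}


def registry_of(image):
    """Registry host[:port] of an image reference; docker.io when none is given."""
    first, _, rest = image.partition("/")
    if rest and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def decode_auths(secret):
    """Map registry -> (user, password). Secret data is base64, not encryption."""
    raw = base64.b64decode(secret["data"][".dockerconfigjson"])
    out = {}
    for server, entry in json.loads(raw).get("auths", {}).items():
        user, _, pw = base64.b64decode(entry.get("auth", "")).decode().partition(":")
        out[server] = (user, pw)
    return out


def check_pull_secret(secret, image):
    """Return the problems that would stop `image` being pulled with `secret`."""
    if secret.get("type") != SECRET_TYPE:
        return [f"secret type is {secret.get('type')!r}, expected {SECRET_TYPE!r}"]
    auths, registry = decode_auths(secret), registry_of(image)
    if registry not in auths:
        return [f"no credentials for {registry}; secret covers {sorted(auths)}"]
    user, pw = auths[registry]
    return [] if user and pw else [f"auth entry for {registry} is not user:password"]


if __name__ == "__main__":
    regs = build_pull_secret("192.168.1.2:5000", "root", "123456", "regs", "dep")
    for image in ("192.168.1.2:5000/nginx:latest", "nginx:latest"):
        print(image, check_pull_secret(regs, image))
```

To check the live object instead of the rebuilt one, load the output of kubectl get secret regs -n dep -o json with json.load and pass it to check_pull_secret.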